Embedded Files
Introduction
ENNOVE Consultancy ("ENNOVE", "we", "us" or "our") is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you interact with our website and services, in compliance with Singapore’s Personal Data Protection Act 2012 ("PDPA"). We have written this policy in a clear, plain-language style to ensure it is easily understood by our users. We believe this straightforward, professional tone is preferable to excessive legal jargon, as it reflects our commitment to transparency and helps you understand your privacy rights more easily[1]. By providing your personal data to us (for example, by filling out our online surveys, scorecards or sending us an enquiry), you agree to the terms of this Privacy Policy and consent to the collection, use, and disclosure of your personal data for the purposes set out below. This Policy applies to all personal data in our possession or under our control, including personal data handled by third-party service providers (such as Google Forms) on our behalf[2].
Personal Data We Collect
Personal data means any information that can identify an individual (whether on its own or in combination with other data)[3]. The types of personal data we may collect from you include:
Name – e.g., your full name (first and last name).
Email Address – so that we can contact you regarding your survey results or respond to your enquiries.
Company Name – if you provide your organization’s name as part of a survey or enquiry.
Any information you choose to provide, for instance, responses to survey questions or messages you send to us. These may occasionally include other personal details you voluntarily share.
We generally do not collect sensitive personal data such as NRIC/FIN numbers, passport numbers, phone numbers, or financial information through our surveys, unless you voluntarily provide them in a text field. We also do not collect any more data than necessary for the stated purposes (data minimization). Additionally, when you visit our website or submit a Google Form, certain technical data (like your IP address, browser type, or device information) may be automatically collected by our web servers or by the Google Forms platform. While this technical information could be considered personal data in some cases, we do not use it to identify you and only use it for aggregate analytics, website functionality, or security purposes.
How We Collect Your Personal Data
We collect personal data directly from you through:
Online Forms: When you fill out our surveys, scorecards, or assessment forms hosted on Google Forms, you will be asked to provide information such as your name, email, company name, and your responses to the questionnaire. We receive and store these responses through the Google Forms platform.
Enquiry Channels: When you contact us via email (or through any contact forms on our website) to make an enquiry or request information, you may provide personal details like your name, email address, and the content of your message. We will collect and retain the information you provide in order to respond to you.
Business or Networking Interactions: If you interact with us in person (e.g., at a workshop, meeting, or event) or via professional networking platforms and give us your business card or contact information, we may collect that personal data with your consent to follow up with you.
Automatically: As mentioned above, our website hosting platform and Google Forms may automatically collect some technical information (such as IP addresses or cookie information) when you interact with our online services. This data is generally collected by the system for operational reasons. We do not actively use this data to profile you, but it may be stored in logs or analytics tools. You can control cookies through your browser settings, and our site’s use of cookies (if any) will be solely for functionality or aggregate statistics, not for advertising.
We do not obtain personal data about you from third-party sources without your knowledge. If we ever need to collect personal data about you from someone else (for example, if a business partner refers you and provides your contact details), we will ensure that the third party has obtained your consent to share your data with us.
Purpose of Collection and Use of Personal Data
ENNOVE Consultancy collects and uses your personal data only for purposes that we have informed you about and which you have consented to, and that a reasonable person would consider appropriate under the circumstances[4][5]. The main purposes for which we collect, use, and process personal data include:
Providing and Improving Our Services: To evaluate your responses to our surveys/scorecards and provide you with feedback, results, or tailored insights. We may also use aggregated (anonymized) survey data to analyze trends and improve our consulting services or develop better assessment tools, without identifying any individual respondent.
Follow-up and Communication: To follow up with you regarding the surveys or assessments you have completed (e.g., to send you your results or discuss your scores) and to respond to any enquiries or requests you send us. For instance, if you ask for more information about our services or methodologies, we will use your email address and other provided details to communicate with you.
Service Delivery and Client Engagement: If you become our client or engage us for consultancy/training services, we will use your personal data as necessary to carry out our obligations to you. This includes contacting you to schedule sessions or meetings, sending you resources or materials, and generally administering the business relationship (e.g., billing or feedback requests).
Partner Collaboration: Where relevant, we may share certain information (such as your name and email) with our trusted business partners or associate consultants in order to jointly deliver a service or provide follow-up to you. For example, if your assessment results indicate you could benefit from expertise or solutions provided by one of our partner companies, and you have expressed interest, we might refer you to that partner and share your contact details with them. In doing so, we ensure that the partner will use your data only for the intended purpose and will protect it under confidentiality obligations.
Legal Compliance and Administrative Purposes: To comply with any applicable laws, regulations, guidelines, or statutory requirements. For example, we may retain certain transaction records if required by law, or use your data to fulfill legal reporting obligations. Additionally, we may use personal data to protect our rights and interests – for instance, to investigate or prevent potential fraud, security breaches, or misuse of our services, or to enforce the terms of any agreements with you.
We will not use your personal data for any purposes beyond what we have notified you of and obtained your consent for, in accordance with PDPA’s Purpose Limitation obligation[5]. In particular, we do not use your personal data for unsolicited marketing – you will not be automatically added to a mailing list, nor will you receive promotional emails from us, just because you filled out a survey or contacted us. We also do not sell your personal data to any third parties.
Disclosure of Personal Data to Third Parties
We treat your personal data with confidentiality and will share it with third parties only in limited circumstances, and only for the purposes described above or as required by law. Situations where we may disclose your personal data include:
Service Providers (Data Intermediaries): We employ reputable third-party companies to support our operations, such as Google (for hosting our online forms and storing form responses) and possibly other cloud service providers or IT solutions. These service providers process personal data on our behalf for the stated purposes (e.g., Google stores the survey data). We ensure that such providers are bound by contractual terms or policies to protect your personal data and to use it only for our specified purposes, in compliance with PDPA.
Business Partners and Affiliates: As noted, we may work with partner consultants or organizations in delivering certain services or follow-ups. If it is necessary to involve a partner and share your information (for example, to set up a joint consultation, or because you requested a referral), we will do so only with your knowledge. The partner will be required to keep your data confidential and to use it solely for the purpose for which we provided it.
Legal Requirements and Vital Interests: We may disclose your personal data if we are legally compelled to do so – for instance, in response to a subpoena, court order, or government directive. We may also disclose data if we believe in good faith that it is necessary to: (i) comply with any law or regulatory requirement, (ii) prevent or address fraud, security, or technical issues, or (iii) protect the rights, property, and safety of ENNOVE, our users, or the public. Such disclosure will be done in compliance with applicable laws.
Corporate Transactions: In the unlikely event that ENNOVE Consultancy undergoes a significant business transaction such as a merger, acquisition, or sale of assets, personal data in our possession may be transferred to the acquiring or succeeding entity as part of that deal. If your personal data is involved in such a transaction, we will ensure the receiving party is bound to protect your data to standards equivalent to this Policy, and we will notify you where required.
Importantly, we do not sell, rent, or trade your personal data to third parties for marketing or unrelated purposes. Any third parties who handle your personal data as described above are required to handle it with care and in accordance with PDPA and our instructions.
International Transfer of Personal Data
As a Singapore-based company, we primarily process personal data in Singapore. However, in certain scenarios your personal data might be transferred to, or accessed from, locations outside of Singapore:
Our surveys and forms are hosted on Google Forms, and the data you submit may be stored on Google’s servers which could be located in data centers outside Singapore (e.g., in the United States or other regions). Similarly, if we use other cloud services or email providers, your data might transit through or be stored on servers outside Singapore.
If you are located outside of Singapore when using our services, or if our team members travel or work remotely from another country, your personal data may be accessed from outside Singapore as necessary to provide services or support to you.
When we transfer personal data outside of Singapore, we take steps to ensure that the data remains protected. In particular, we will only transfer your personal data to another country if we have ensured that the recipient is legally or contractually bound to provide a standard of protection to your data that is comparable to the protection under Singapore’s PDPA[6]. This is in compliance with PDPA’s Transfer Limitation obligation. For example, by using Google’s services, we rely on a company that has robust data protection practices and we accept their data processing terms which commit to protecting user data. Similarly, any partner or service provider outside Singapore would be required to adhere to PDPA-equivalent data protection standards.
By submitting your information to us, you acknowledge that your personal data may be transferred or stored in overseas locations as needed to carry out the services or responses you requested. Nonetheless, we will strive to minimize unnecessary overseas data transfers. Where transfers are necessary, we will protect your data during transit (for instance, by using encrypted connections) and through the safeguards mentioned above.
Protection of Your Personal Data
We take data security seriously at ENNOVE. In line with PDPA’s Protection Obligation, we have implemented reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, copying, modification, or disposal of your personal data[7]. Our security measures include:
Secure Platforms & Encryption: We rely on reputable platforms like Google Forms which utilize encryption (HTTPS) for data transmission. Data stored with Google is protected by Google’s security infrastructure (including encryption at rest and strict access controls). Whenever we transmit or retrieve personal data, we use secure connections.
Access Control: Access to personal data within ENNOVE is limited to authorized personnel who have a legitimate need to know this information. Our team is small, and each member is trained on confidentiality and PDPA compliance. Personal data stored in online systems is password-protected, and we use two-factor authentication and other best practices where available to prevent unauthorized access.
Administrative Safeguards: We have internal policies and conduct training to ensure that personal data is handled properly and securely. We review our data protection practices periodically. For example, we regularly update our computer security (using firewalls, antivirus software, etc.) and we avoid retaining printed copies of documents containing personal data to reduce the risk of physical disclosure.
Third-Party Security: When working with any third-party contractors or service providers who might handle personal data, we ensure they have robust security measures as well. We include data protection clauses in our agreements with them. For instance, if we share a spreadsheet of survey results with a partner consultant via a secure cloud drive, that drive is access-restricted and the consultant is obligated to handle the data confidentially and delete it when it's no longer needed.
In the unlikely event of a personal data breach that results in, or is likely to result in, significant harm to affected individuals, or that involves the personal data of 500 or more individuals, we will comply with our legal obligations under the PDPA to notify the Personal Data Protection Commission (PDPC) and affected individuals as soon as practicable. We will also take all reasonable steps to contain the breach, investigate the cause, and implement measures to prevent recurrence.
While we strive to protect your personal data using commercially reasonable means, please be aware that no method of electronic storage or transmission over the internet is completely secure. However, we continuously update and improve our security practices to adapt to new threats and ensure your data remains safe.
Retention of Personal Data
We will retain your personal data only for as long as it is necessary to fulfill the purposes for which it was collected, or as required by applicable laws and business needs. In accordance with PDPA’s Retention Limitation obligation, we will cease to retain personal data (or remove the means by which the data can be associated with you) once it is reasonable to assume that such retention no longer serves the purpose for which the data was collected and is no longer necessary for legal or business reasons[8]. In practice:
If you fill out a survey or scorecard, we will keep your contact details and responses for as long as needed to complete our analysis, provide you with results, and follow up on any outcomes or recommendations. We may retain the data for a period after that interaction (e.g., several months or a few years) to accommodate further inquiries from you or to use aggregated results for our internal insights. Where possible, we will anonymize survey response data after we have used it, so that it no longer identifies you personally.
If you make an enquiry (but do not become a client), we will retain your contact information and correspondence for a duration that allows us to respond to you and follow up as necessary. Typically, once your enquiry is fully addressed and there is no further activity, we will archive or delete your data after a reasonable period, unless you consent to ongoing contact.
In all cases, we periodically review the personal data we hold. When personal data is no longer needed for any business or legal purpose, we will securely delete or anonymize it. For example, if you withdraw your consent for us to hold your information, or if a significant period of time has passed and we have no ongoing relationship or obligation to retain your data, we will remove it from our systems (except for information we may be required to keep by law).
Your Rights and Choices
We respect your rights regarding your personal data. Under the PDPA and other relevant laws, you have certain rights concerning the personal data that we hold about you: - Access: You may request to know what personal data of yours we have in our possession or control, and to find out how that data has been used or disclosed by us in the past year[9]. Upon verifying your identity, and subject to exceptions under the PDPA, we will provide you with an overview of your personal data that we possess and how it has been utilized or shared. We aim to respond to access requests as soon as reasonably possible (generally within 30 days). If we cannot meet that timeline or must refuse access under PDPA exceptions, we will inform you of the reason.
Correction: If you believe that any personal data we hold about you is inaccurate or incomplete, you have the right to request a correction or update. We encourage you to help us keep your information accurate. Upon receiving a correction request and the correct information, we will correct your personal data as soon as practicable and (if required) send the corrected information to any other organization that we had shared the inaccurate data with, within the last year, so they can update their records as well[9].
Withdrawal of Consent: You have the right to withdraw any consent you have previously given us for collecting, using, or disclosing your personal data. For example, if you consented to let us use your email for follow-up, you can later withdraw that consent. Once we receive a withdrawal request, we will inform you of the likely consequences of your withdrawal (for example, if it means we can no longer provide you with certain follow-up or services) and then cease collecting or using your data for those purposes[10]. After that, we will also delete or anonymize the relevant personal data in our records, unless retention is required for legal reasons. Please note that withdrawing consent does not affect the lawfulness of any processing carried out before your withdrawal.
Questions or Complaints: If you have any questions, concerns, or complaints about our handling of your personal data or about this Privacy Policy, you have the right to contact us (see the next section for contact details). We will do our best to resolve your issue promptly. If you feel we have not adequately addressed your concerns, you also have the option to lodge a complaint with the Personal Data Protection Commission (PDPC) in Singapore. However, we welcome the opportunity to address your concerns first.
To exercise any of your rights above or to make any request regarding your personal data, please contact us using the contact details provided in the next section. For security and verification purposes, we might need to confirm your identity before processing your request (to ensure we do not disclose data to the wrong person). In certain cases, especially for access requests, we are allowed to charge a reasonable fee to cover the administrative costs. If so, we will inform you of the fee before proceeding.
Contacting Us (Data Protection Officer)
If you have any questions, requests, or concerns regarding this Privacy Policy or the way we handle your personal data, you can reach out to our Data Protection Officer (DPO) for assistance. In accordance with PDPA’s Accountability Obligation, we have appointed a DPO and made their business contact information available to the public[11].
You may reach our DPO at: evonne@ennovesg.com
Please include the keyword "PDPA" in your email subject line to help us attend to your query promptly. We will strive to acknowledge your query within 3 business days and to provide a substantive response within 21 business days.
Updates to This Privacy Policy
We may update or revise this Privacy Policy from time to time to reflect changes in our practices or in the law. If we make significant changes, we will post the updated Privacy Policy on our website and update the "Last updated" date below. In some cases, if the changes are material, we may also notify you (for example, via email, if you have provided us an email address). We encourage you to review this Policy periodically to stay informed about how we protect your personal data.
Your continued use of our services or website after any changes to this Privacy Policy will constitute your acceptance of the updated policy.
This Privacy Policy and its interpretation are governed by the laws of Singapore.
Last updated: Oct 2025
[1] Understanding What Exactly is a Privacy Policy and Its Importance
https://pandectes.io/blog/what-exactly-is-a-privacy-policy/
[2] Data Protection Notice - Bhavini S Law Practice
https://bhavinislawpractice.com/data-protection-notice/
[3] PDPC | PDPA Overview
https://www.pdpc.gov.sg/overview-of-pdpa/the-legislation/personal-data-protection-act
[4] [5] [6] [7] [8] [9] [10] [11] PDPC | Data Protection Obligations
Report abuse